Home / trailofbits / algo
Repository Analysis

trailofbits/algo

Set up a personal VPN in the cloud

16.0 Moderate AI signal View on GitHub
16.0
Adjusted Score
16.0
Raw Score
100%
Time Factor
2026-05-27
Last Push
30,248
Stars
Python
Language
20,129
Lines of Code
220
Files
229
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 0HIGH 1MEDIUM 40LOW 188

Pattern Findings

229 matches across 12 categories. Click a row to expand file-level details.

Hyper-Verbose Identifiers99 hits · 104 pts
SeverityFileLineSnippet
LOWCLAUDE.md348def test_regression_openssl_inline_comments():
LOWtests/test_package_preinstall.py27 def test_preinstall_disabled_by_default(self):
LOWtests/test_package_preinstall.py53 def test_preinstall_disabled_explicitly(self):
LOWtests/test_cloud_init_template.py28def create_expected_cloud_init():
LOWtests/test_cloud_init_template.py192 def test_indentation_consistency(self):
LOWtests/validate_jinja2_templates.py34def check_inline_comments_in_expressions(template_content: str, template_path: Path) -> list[str]:
LOWtests/validate_jinja2_templates.py69def check_undefined_variables(template_path: Path) -> list[str]:
LOWtests/validate_jinja2_templates.py180def check_common_antipatterns(template_path: Path) -> list[str]:
LOWtests/unit/test_comprehensive_boolean_scan.py98 def test_no_string_true_false_in_set_fact(self):
LOWtests/unit/test_comprehensive_boolean_scan.py113 def test_no_bare_false_in_jinja_else(self):
LOWtests/unit/test_comprehensive_boolean_scan.py129 def test_when_conditions_use_booleans(self):
LOWtests/unit/test_comprehensive_boolean_scan.py163 def test_template_files_boolean_usage(self):
LOWtests/unit/test_comprehensive_boolean_scan.py189 def test_all_when_conditions_would_work(self):
LOWtests/unit/test_comprehensive_boolean_scan.py218 def test_no_other_problematic_patterns(self):
LOWtests/unit/test_comprehensive_boolean_scan.py267 def test_verify_our_fixes_are_correct(self):
LOWtests/unit/test_comprehensive_boolean_scan.py289 def test_templates_handle_booleans_correctly(self):
LOWtests/unit/test_lightsail_boto3_fix.py42 def test_lightsail_region_facts_imports(self):
LOWtests/unit/test_destroy.py41def test_destroy_playbook_syntax():
LOWtests/unit/test_destroy.py51def test_destroy_playbook_has_rescue():
LOWtests/unit/test_destroy.py59def test_destroy_playbook_has_confirmation():
LOWtests/unit/test_destroy.py66def test_all_provider_destroy_files_exist():
LOWtests/unit/test_destroy.py73def test_all_provider_destroy_files_valid_yaml():
LOWtests/unit/test_destroy.py82def test_provider_destroy_uses_absent_state():
LOWtests/unit/test_destroy.py99def test_lightsail_destroy_uses_cloudformation():
LOWtests/unit/test_destroy.py107def test_gce_destroy_cleans_subsidiary_resources():
LOWtests/unit/test_destroy.py116def test_vultr_destroy_cleans_firewall_group():
LOWtests/unit/test_destroy.py123def test_openstack_destroy_cleans_security_group():
LOWtests/unit/test_destroy.py130def test_cloudstack_destroy_cleans_security_group():
LOWtests/unit/test_destroy.py137def test_subsidiary_cleanup_is_best_effort():
LOWtests/unit/test_destroy.py152def test_linode_uses_label_not_name():
LOWtests/unit/test_destroy.py159def test_azure_deletes_resource_group():
LOWtests/unit/test_destroy.py167def test_algo_script_has_destroy_command():
LOWtests/unit/test_destroy.py175def test_algo_script_destroy_requires_ip():
LOWtests/unit/test_destroy.py182def test_server_yml_stores_algo_region():
LOWtests/unit/test_destroy.py189def test_destroy_playbook_validates_region_for_required_providers():
LOWtests/unit/test_destroy.py197def test_destroy_playbook_loads_server_config():
LOWtests/unit/test_destroy.py25def test_destroy_playbook_exists():
LOWtests/unit/test_destroy.py30def test_destroy_playbook_valid_yaml():
LOWtests/unit/test_cloud_provider_configs.py48def test_no_deprecated_instance_types():
LOWtests/unit/test_cloud_provider_configs.py60def test_required_fields_present():
LOWtests/unit/test_strongswan_templates.py50def get_strongswan_test_variables(scenario="default"):
LOWtests/unit/test_strongswan_templates.py102def test_strongswan_templates():
LOWtests/unit/test_strongswan_templates.py178def test_openssl_template_constraints():
LOWtests/unit/test_strongswan_templates.py223def test_mobileconfig_template():
LOWtests/unit/test_yaml_jinja2_expressions.py258def test_regression_openssl_inline_comments():
LOWtests/unit/test_yaml_jinja2_expressions.py301def test_edge_cases_inline_comments():
LOWtests/unit/test_yaml_jinja2_expressions.py364def test_yaml_files_no_inline_comments():
LOWtests/unit/test_yaml_jinja2_expressions.py387def test_openssl_file_specifically():
LOWtests/unit/test_iptables_rules.py118def test_alternative_ingress_snat():
LOWtests/unit/test_iptables_rules.py148def test_ipsec_forward_rule_has_policy_match():
LOWtests/unit/test_iptables_rules.py171def test_wireguard_forward_rule_no_policy_match():
LOWtests/unit/test_iptables_rules.py197def test_output_interface_in_nat_rules():
LOWtests/unit/test_iptables_rules.py225def test_dns_firewall_restricted_to_vpn():
LOWtests/unit/test_user_management.py42def test_server_selection_format():
LOWtests/unit/test_user_management.py71def test_ssh_key_preservation():
LOWtests/unit/test_user_management.py98def test_ca_password_handling():
LOWtests/unit/test_user_management.py127def test_user_config_generation():
LOWtests/unit/test_user_management.py149def test_duplicate_user_handling():
LOWtests/unit/test_basic_sanity.py19def test_pyproject_file_exists():
LOWtests/unit/test_basic_sanity.py77def test_cloud_init_header_format():
39 more matches not shown…
Decorative Section Separators24 hits · 76 pts
SeverityFileLineSnippet
MEDIUMconfig.cfg3# ============================================
MEDIUMconfig.cfg5# ============================================
MEDIUMconfig.cfg10# ============================================
MEDIUMserver.yml48 # ============================================================
MEDIUMserver.yml52 # ============================================================
MEDIUMtests/test-wireguard-real-async.yml3# ==================================================
MEDIUMtests/e2e/test-vpn-connectivity.sh5# =============================================================================
MEDIUMtests/e2e/test-vpn-connectivity.sh12# =============================================================================
MEDIUMtests/e2e/test-vpn-connectivity.sh46# =============================================================================
MEDIUMtests/e2e/test-vpn-connectivity.sh48# =============================================================================
MEDIUMtests/e2e/test-vpn-connectivity.sh85# =============================================================================
MEDIUMtests/e2e/test-vpn-connectivity.sh87# =============================================================================
MEDIUMtests/e2e/test-vpn-connectivity.sh151# =============================================================================
MEDIUMtests/e2e/test-vpn-connectivity.sh153# =============================================================================
MEDIUMtests/e2e/test-vpn-connectivity.sh193# =============================================================================
MEDIUMtests/e2e/test-vpn-connectivity.sh195# =============================================================================
MEDIUMtests/e2e/test-vpn-connectivity.sh228# =============================================================================
MEDIUMtests/e2e/test-vpn-connectivity.sh230# =============================================================================
MEDIUMtests/e2e/test-vpn-connectivity.sh387# =============================================================================
MEDIUMtests/e2e/test-vpn-connectivity.sh389# =============================================================================
MEDIUMtests/e2e/test-vpn-connectivity.sh556# =============================================================================
MEDIUMtests/e2e/test-vpn-connectivity.sh558# =============================================================================
MEDIUMtests/e2e/test-vpn-connectivity.sh600# =============================================================================
MEDIUMtests/e2e/test-vpn-connectivity.sh602# =============================================================================
Redundant / Tautological Comments24 hits · 36 pts
SeverityFileLineSnippet
LOWconfig.cfg162 # Set use_existing_eip to "true" if you want to use a pre-allocated Elastic IP
LOWtests/validate_jinja2_templates.py57 # Check if it's likely a comment (has text after it)
LOWtests/unit/test_comprehensive_boolean_scan.py150 # Check if it's a simple condition (good) or comparing to string (bad)
LOWtests/unit/test_comprehensive_boolean_scan.py210 # Check if it's using one of our boolean variables
LOWtests/unit/test_comprehensive_boolean_scan.py258 # Check if it's a known safe pattern
LOWtests/unit/test_strongswan_templates.py206 # Check if the # is within {{ }}
LOWtests/unit/test_yaml_jinja2_expressions.py78 # Check if the # is within a list or dict literal
LOWtests/unit/test_yaml_jinja2_expressions.py95 # Check if it's escaped
LOWtests/unit/test_yaml_jinja2_expressions.py140 # Check if the # is within a list or dict literal
LOWtests/unit/test_template_rendering.py170 # Check if main.yml defines these
LOWtests/unit/test_template_rendering.py225 # Check if the expected endpoint format is in the output
LOWtests/unit/test_template_rendering.py317 # Check if we have Jinja2 available
LOWtests/unit/test_docker_localhost_deployment.py90 # Check if Dockerfile exists
LOWtests/unit/test_openssl_compatibility.py288 # Check if this looks like a client cert vs server cert
LOWtests/integration/ansible-service-wrapper.py32# Check if it's a known service
LOWtests/integration/mock_modules/apt.py65 # Check if we need to install anything
LOWtests/integration/mock_modules/apt.py82 # Check if we need to remove anything
LOWtests/e2e/test-vpn-connectivity.sh501 # Check if IPsec service is running on host
LOWroles/strongswan/handlers/main.yml13 # Check if StrongSwan is actually running
LOWroles/common/tasks/ubuntu.yml21 # Check if kernel was updated (most critical reboot reason)
LOWscripts/track-test-effectiveness.py92 # Check if PR was merged (indicating it fixed a real issue)
LOW.github/workflows/integration-tests.yml200 # Check if interface has peers
LOW.github/workflows/test-effectiveness.yml44 # Check if we need to create an issue
LOW.github/workflows/test-effectiveness.yml46 # Check if issue already exists
Excessive Try-Catch Wrapping34 hits · 34 pts
SeverityFileLineSnippet
LOWtests/test_cloud_init_template.py253 except Exception as e:
LOWtests/validate_jinja2_templates.py113 except Exception:
LOWtests/validate_jinja2_templates.py141 except Exception:
LOWtests/validate_jinja2_templates.py174 except Exception as e:
LOWtests/validate_jinja2_templates.py204 except Exception:
LOWtests/unit/test_lightsail_boto3_fix.py61 except Exception as e:
LOWtests/unit/test_lightsail_boto3_fix.py92 except Exception:
LOWtests/unit/test_strongswan_templates.py164 except Exception as e:
LOWtests/unit/test_strongswan_templates.py218 except Exception as e:
LOWtests/unit/test_strongswan_templates.py298 except Exception as e:
LOWtests/unit/test_yaml_jinja2_expressions.py152 except Exception as e:
LOWtests/unit/test_yaml_jinja2_expressions.py251 except Exception as e:
LOWtests/unit/test_user_management.py196 except Exception as e:
LOWtests/unit/test_basic_sanity.py117 except Exception as e:
LOWtests/unit/test_generated_configs.py380 except Exception as e:
LOWtests/unit/test_template_rendering.py87 except Exception as e:
LOWtests/unit/test_template_rendering.py146 except Exception as e:
LOWtests/unit/test_template_rendering.py235 except Exception as e:
LOWtests/unit/test_template_rendering.py309 except Exception as e:
LOWtests/unit/test_template_rendering.py340 except Exception as e:
LOWtests/unit/test_config_validation.py144 except Exception as e:
LOWtests/unit/test_wireguard_key_generation.py63 except Exception:
LOWtests/unit/test_wireguard_key_generation.py122 except Exception as e:
LOWtests/unit/test_wireguard_key_generation.py179 except Exception as e:
LOWtests/unit/test_wireguard_key_generation.py341 except Exception as e:
LOWtests/unit/test_scaleway_fix.py128 except Exception as e:
LOWtests/unit/test_docker_localhost_deployment.py162 except Exception as e:
LOWtests/unit/test_openssl_compatibility.py568 except Exception as e:
LOWtests/unit/test_double_templating.py78 except Exception:
LOWtests/integration/mock_modules/command.py65 except Exception as e:
LOWtests/integration/mock_modules/shell.py60 except Exception as e:
LOWlibrary/x25519_pubkey.py87 except Exception as e:
LOWlibrary/x25519_pubkey.py120 except Exception as e:
MEDIUMscripts/track-test-effectiveness.py19 print(f"Error fetching {endpoint}: {result.stderr}")
Deep Nesting26 hits · 26 pts
SeverityFileLineSnippet
LOWtests/conftest.py98
LOWtests/test_cloud_init_template.py192
LOWtests/validate_jinja2_templates.py34
LOWtests/unit/test_comprehensive_boolean_scan.py129
LOWtests/unit/test_comprehensive_boolean_scan.py218
LOWtests/unit/test_lightsail_boto3_fix.py64
LOWtests/unit/test_strongswan_templates.py102
LOWtests/unit/test_strongswan_templates.py178
LOWtests/unit/test_yaml_jinja2_expressions.py68
LOWtests/unit/test_yaml_jinja2_expressions.py209
LOWtests/unit/test_yaml_jinja2_expressions.py301
LOWtests/unit/test_generated_configs.py21
LOWtests/unit/test_generated_configs.py96
LOWtests/unit/test_generated_configs.py172
LOWtests/unit/test_generated_configs.py298
LOWtests/unit/test_template_rendering.py29
LOWtests/unit/test_template_rendering.py187
LOWtests/unit/test_template_rendering.py247
LOWtests/unit/test_wireguard_key_generation.py70
LOWtests/integration/mock_modules/command.py9
LOWtests/integration/mock_modules/apt.py9
LOWlibrary/scaleway_compute.py560
LOWlibrary/scaleway_compute.py589
LOWlibrary/x25519_pubkey.py32
LOWscripts/track-test-effectiveness.py24
LOWscripts/track-test-effectiveness.py85
Self-Referential Comments6 hits · 18 pts
SeverityFileLineSnippet
MEDIUMtests/test_package_preinstall.py11 # Create a simplified test template with just the packages section
MEDIUMtests/test-local-config.sh13# Create a minimal test configuration
MEDIUMtests/unit/test_wireguard_key_generation.py233 # Create a WireGuard config using our keys
MEDIUMtests/unit/test_docker_localhost_deployment.py23 # Create a test WireGuard config
MEDIUMtests/e2e/test-vpn-connectivity.sh462 # Create a minimal strongswan.conf
MEDIUM.github/workflows/integration-tests.yml286 # Create a minimal valid config
Dead Code6 hits · 12 pts
SeverityFileLineSnippet
MEDIUMtests/unit/test_strongswan_templates.py237
MEDIUMtests/unit/test_strongswan_templates.py256
MEDIUMtests/unit/test_strongswan_templates.py257
MEDIUMtests/unit/test_strongswan_templates.py302
MEDIUMtests/unit/test_strongswan_templates.py305
MEDIUMtests/unit/test_strongswan_templates.py306
AI Slop Vocabulary4 hits · 6 pts
SeverityFileLineSnippet
LOWtests/unit/test_strongswan_templates.py30 # Simple mock - just return True for now
MEDIUMtests/unit/test_yaml_jinja2_expressions.py162 """Get a comprehensive set of test variables for expression validation."""
MEDIUMtests/unit/test_template_rendering.py43 """Get a comprehensive set of test variables for template rendering"""
MEDIUMroles/dns/tasks/ubuntu.yml119 # Additional hardening on top of comprehensive AppArmor
Cross-Language Confusion1 hit · 5 pts
SeverityFileLineSnippet
HIGHtests/test_cloud_init_template.py74 - sudo apt-get remove -y --purge sshguard || true
Over-Commented Block2 hits · 2 pts
SeverityFileLineSnippet
LOWconfig.cfg1---
LOWtests/integration/mock-apparmor_status.sh1#!/bin/bash
Unused Imports2 hits · 2 pts
SeverityFileLineSnippet
LOWtests/unit/test_template_rendering.py319
LOWlibrary/lightsail_region_facts.py58
Overly Generic Function Names1 hit · 0 pts
SeverityFileLineSnippet
LOWlibrary/scaleway_compute.py294def perform_action(compute_api, server, action):